Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)

From: David Wright (no email)
Date: Wed Aug 08 2001 - 05:11:28 EDT

• Next message: Lawrence Greenfield: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Previous message: Lawrence Greenfield: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• In reply to: Lawrence Greenfield: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Next in thread: Lawrence Greenfield: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Reply: Lawrence Greenfield: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Reply: Jeremy Howard: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Reply: Ken Murchison: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Please educate me, I do not understand.

> Please use pwcheck. Your problems will go away.

The pwcheck distributed with cyrus-sasl is not useful to me. My users
are not in /etc/passwd -- they are ONLY in an LDAP database. Even a
pwcheck daemon that uses LDAP is only useful to me <if> it does LDAP-SSL
-- I need password traffic encyrpted over the network. pam_ldap does
this nicely, so any pwcheck daemon that did all this would basically be
re-implementing the functionality of pam_ldap. Can you kindly point me
to a pwcheck daemon that just calls PAM?

> PAM does not do network authentication. PAM does not solve the
> problems under consideration.

What do you mean by "network authentication"? If you mean a ticket
system so that users need only authenticte themselves once, it most
certainly does, via Kerberos. If you mean certifying the identity of the
client and server machines, pam_ldap and OpenLDAP can do that. What
exactly is the problem under consideration that (given the appropriate
modules) PAM doesn't solve?

• Next message: Lawrence Greenfield: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Previous message: Lawrence Greenfield: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• In reply to: Lawrence Greenfield: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Next in thread: Lawrence Greenfield: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Reply: Lawrence Greenfield: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Reply: Jeremy Howard: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Reply: Ken Murchison: "Re: SASL re-entrancy crisis (was: OpenLDAP 2.0.x + pam_ldap + cyrus-imapd-2.0.x)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]